The advantages of digitized video and music are numerous, but one significant drawback is that being digitized, the content is relatively easy to copy perfectly, without authorization by the copyright owner. Pirating of content currently costs content providers billions of dollars each year. Therefore, numerous schemes have been developed to address this problem, but not all are practical given the large number of content instances and devices that handle content.
U.S. Pat. No. 6,118,873 provides an encryption system for the secure broadcasting of programs, including updates to authorized in-home digital video devices. That patent discloses a system for encrypting broadcast music, videos, and other content such that only authorized player-recorders can play and/or copy the content and only in accordance with rules established by the vendor of the content. Authorized players or recorders are issued software-implemented device keys from a matrix of device keys termed a media key block (MKB). The keys can be issued simultaneously with each other or over time, but in any event, no player-recorder is supposed to have more than one device key per column of the matrix. Although two devices might share the same key from the same column, the chances that any two devices share exactly the same set of keys from all the columns of the matrix are very small when keys are randomly assigned. The keys are used to decrypt content. Devices may be ‘revoked’ by encrypting future protected content in various ways such that particular selected devices cannot decrypt it properly.
In the case of recordable media, content protection is conventionally based on having a media key block on each media instance (in this application, the term “media” may refer to a particular data storage item or a plurality of such data storage items). This MKB allows compliant devices to calculate a proper media key, while preventing circumvention devices from doing the same thing. Heretofore, it has been important that the MKB be read-only, even though the rest of the medium is, of course, read/write, i.e. recordable. The MKB needs to be read-only because of the following so-called “down-level media” attack: if the MKB were read/write, an attacker could write an old broken MKB on the medium, and then ask a compliant device to encrypt and record a piece of content of interest to the attacker. Since the MKB is broken, the attacker knows the media key and can decrypt this content. The attacker thus gets the protected content in the clear, effectively defeating the goal of the content protection scheme.
However, having a read-only area on read/write media is often problematic. For example, in DVD-RAM, DVD-R, and DVD-R/W media, the MKB is pre-embossed on the lead-in area, a part of the disc not written into by recorders. The lead-in area has a limited capacity. Therefore, this approach inherently limits the size of the MKB, thereby restricting the number of circumvention devices that can be revoked. In the case of DVD+R and DVD+R/W media, the lead-in area is read/write. The approach used in that technology is to write only a digest of the MKB into the “burst cut area” (BCA), a very limited read-only area near the hub of the disc, during manufacture. Writing into the BCA adds another $0.05 to the cost of each disc, unfortunately.
A potentially more serious problem is that these approaches require the disc replicator to be involved in the process. Not all disc replicators wish to become licensees of the given content protection scheme, so to date each type of media has two versions: one with MKBs, and one without. Since only the MKB-containing media can be used to record protected content, there is substantial potential for consumer confusion. Furthermore, the disc replicators have to be constrained by license not to put too many discs out with the same MKB. If they did, the media key of that MKB could become an important global secret, the compromise of which could do serious damage to the content protection scheme. But there is a cost/security tradeoff involved, because the cost of replication is strongly dependent on the number of identical replicas that can be made. To date, that tradeoff has been made entirely to favor low cost: the replicators are allowed to use a single MKB a million times.